System and method for securing data from a remote input device

摘要

An input device with an integrated security module communicates with a processing component over an insecure medium. The insecure medium may be a wireless network, software stack, or the like. According to one embodiment, the security module is integrated into an existing chip of the input device. Data generated by the input device is encoded and/or authenticated by the security module prior its transmission to the processing device. The processing device receives the input data and processes it within its own security boundary for providing selected services or information to a user or application associated with the input device.

主权项

1. A method for secure handling of input data comprising:
generating a private key within a first hardware security module that is integrated into an input device; generating a public key corresponding to the private key; exporting the public key to an external device; exchanging a temporary cryptographic key with a second hardware security module of the external device to establish a secure communication channel on a communication link between the first hardware security module and the external device; receiving an encrypted symmetric key via the secure communication channel; decrypting the encrypted symmetric key using the private key; receiving, at the first hardware security module, the input data from the input device; encrypting, using the exchanged temporary cryptographic key, the input data within the first hardware security module before the input data leaves a hardware boundary of the input device; and transmitting the encrypted input data to the external device over the secure communication channel.